a89367e6ea0f7c5f2e7b88fa13a592969320647329361c6b8283e5cd2564d9d4

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
Size

184KB
MD5

42c927cde0418bfe7318d088236ca5b0
SHA1

ec44a2961d609bd1c2f32e66c6e145c57d520e82
SHA256

a89367e6ea0f7c5f2e7b88fa13a592969320647329361c6b8283e5cd2564d9d4
SHA512

c1c1139b21a493e0f96d23428e7f7eb60341a10a07d10c781b4db0d2d0ec7bedef39ce8f9686b8642a0161295f0571c0cd99791a91b4327800546ac69a011c3e
SSDEEP

3072:0Zh348oQ7bB+dy7WepVL7P9zhlnDiF8n3:0Zpo86y7xLr9zhlnDiF8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2404	Unicorn-48035.exe
1660	Unicorn-20682.exe
1852	Unicorn-4900.exe
2624	Unicorn-9991.exe
2616	Unicorn-29857.exe
2564	Unicorn-18517.exe
2184	Unicorn-14433.exe
1596	Unicorn-34299.exe
2740	Unicorn-11029.exe
1600	Unicorn-3416.exe
3040	Unicorn-43510.exe
2536	Unicorn-55762.exe
1376	Unicorn-7308.exe
2476	Unicorn-28373.exe
2100	Unicorn-33203.exe
892	Unicorn-37885.exe
1080	Unicorn-46053.exe
3056	Unicorn-63136.exe
448	Unicorn-21549.exe
636	Unicorn-1683.exe
2964	Unicorn-62472.exe
1812	Unicorn-62150.exe
1764	Unicorn-30629.exe
1688	Unicorn-38243.exe
1708	Unicorn-26545.exe
872	Unicorn-21907.exe
1912	Unicorn-10209.exe
2980	Unicorn-9270.exe
1576	Unicorn-9270.exe
2392	Unicorn-59026.exe
1860	Unicorn-13354.exe
2440	Unicorn-43526.exe
2924	Unicorn-51694.exe
2504	Unicorn-35912.exe
2064	Unicorn-35358.exe
3024	Unicorn-47418.exe
2844	Unicorn-35720.exe
1664	Unicorn-55586.exe
2904	Unicorn-11216.exe
1944	Unicorn-63946.exe
2676	Unicorn-63946.exe
1952	Unicorn-48165.exe
324	Unicorn-52249.exe
2144	Unicorn-43142.exe
2864	Unicorn-27360.exe
628	Unicorn-47226.exe
332	Unicorn-49037.exe
584	Unicorn-37339.exe
840	Unicorn-52929.exe
1388	Unicorn-33063.exe
1772	Unicorn-32125.exe
1420	Unicorn-45124.exe
2356	Unicorn-48653.exe
1716	Unicorn-52737.exe
1996	Unicorn-7983.exe
1548	Unicorn-15596.exe
1896	Unicorn-3899.exe
1276	Unicorn-23765.exe
2592	Unicorn-64797.exe
2524	Unicorn-44377.exe
2800	Unicorn-44377.exe
2520	Unicorn-48461.exe
2620	Unicorn-36763.exe
788	Unicorn-29193.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
2404	Unicorn-48035.exe
2404	Unicorn-48035.exe
1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
2404	Unicorn-48035.exe
2404	Unicorn-48035.exe
1852	Unicorn-4900.exe
1852	Unicorn-4900.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
1660	Unicorn-20682.exe
1660	Unicorn-20682.exe
1852	Unicorn-4900.exe
1852	Unicorn-4900.exe
2624	Unicorn-9991.exe
2624	Unicorn-9991.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
2984	WerFault.exe
3044	WerFault.exe
2564	Unicorn-18517.exe
2564	Unicorn-18517.exe
2616	Unicorn-29857.exe
2616	Unicorn-29857.exe
2184	Unicorn-14433.exe
2184	Unicorn-14433.exe
1596	Unicorn-34299.exe
1596	Unicorn-34299.exe
2624	Unicorn-9991.exe
2624	Unicorn-9991.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
2164	WerFault.exe
1712	WerFault.exe
2740	Unicorn-11029.exe
2740	Unicorn-11029.exe
2564	Unicorn-18517.exe
2564	Unicorn-18517.exe
1600	Unicorn-3416.exe
1600	Unicorn-3416.exe
2536	Unicorn-55762.exe
2536	Unicorn-55762.exe
2184	Unicorn-14433.exe
2184	Unicorn-14433.exe
1596	Unicorn-34299.exe
1596	Unicorn-34299.exe
1376	Unicorn-7308.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2712	1704	WerFault.exe	27
2724	2404	WerFault.exe	28
2984	1852	WerFault.exe	30
3044	1660	WerFault.exe	29
2164	2616	WerFault.exe	33
1712	2624	WerFault.exe	32
1560	2564	WerFault.exe	35
1508	2184	WerFault.exe	36
948	1596	WerFault.exe	37
2344	2100	WerFault.exe	48
2216	2740	WerFault.exe	40
2680	1600	WerFault.exe	41
2632	2536	WerFault.exe	43
2696	3040	WerFault.exe	42
2812	1376	WerFault.exe	44
1676	2476	WerFault.exe	47
1724	892	WerFault.exe	49
2056	1080	WerFault.exe	50
824	636	WerFault.exe	52
592	448	WerFault.exe	53
1128	3056	WerFault.exe	51
2292	1812	WerFault.exe	58
1036	2964	WerFault.exe	57
1844	1764	WerFault.exe	60
1964	1708	WerFault.exe	62
292	1688	WerFault.exe	61
2816	872	WerFault.exe	63
1700	2980	WerFault.exe	66
112	1912	WerFault.exe	64
876	1860	WerFault.exe	68
1692	2392	WerFault.exe	67
2780	2440	WerFault.exe	71
1528	2924	WerFault.exe	74
2128	2504	WerFault.exe	75
3000	2064	WerFault.exe	77
3060	3024	WerFault.exe	78
828	1664	WerFault.exe	80
2500	324	WerFault.exe	85
2896	2844	WerFault.exe	79
3088	2144	WerFault.exe	86
3104	2904	WerFault.exe	81
3096	1952	WerFault.exe	84
3160	2676	WerFault.exe	82
3176	1944	WerFault.exe	83
3192	628	WerFault.exe	88
3200	2864	WerFault.exe	87
3508	2548	WerFault.exe	144
3600	2288	WerFault.exe	145
3460	332	WerFault.exe	92
4056	1896	WerFault.exe	106
4060	1996	WerFault.exe	103
3168	1388	WerFault.exe	98
3208	584	WerFault.exe	93
3448	2620	WerFault.exe	111
3596	840	WerFault.exe	97
3864	1276	WerFault.exe	105
3868	1980	WerFault.exe	123
3972	2592	WerFault.exe	107
3980	1548	WerFault.exe	104
4076	2356	WerFault.exe	101
3376	1412	WerFault.exe	116
3492	2456	WerFault.exe	128
3572	2108	WerFault.exe	133
3592	2384	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
2404	Unicorn-48035.exe
1660	Unicorn-20682.exe
1852	Unicorn-4900.exe
2616	Unicorn-29857.exe
2624	Unicorn-9991.exe
2564	Unicorn-18517.exe
2184	Unicorn-14433.exe
1596	Unicorn-34299.exe
2740	Unicorn-11029.exe
1600	Unicorn-3416.exe
3040	Unicorn-43510.exe
1376	Unicorn-7308.exe
2536	Unicorn-55762.exe
2476	Unicorn-28373.exe
2100	Unicorn-33203.exe
892	Unicorn-37885.exe
1080	Unicorn-46053.exe
3056	Unicorn-63136.exe
448	Unicorn-21549.exe
636	Unicorn-1683.exe
1812	Unicorn-62150.exe
2964	Unicorn-62472.exe
1764	Unicorn-30629.exe
1688	Unicorn-38243.exe
1708	Unicorn-26545.exe
872	Unicorn-21907.exe
1912	Unicorn-10209.exe
2980	Unicorn-9270.exe
1860	Unicorn-13354.exe
2392	Unicorn-59026.exe
2440	Unicorn-43526.exe
2924	Unicorn-51694.exe
2504	Unicorn-35912.exe
2064	Unicorn-35358.exe
3024	Unicorn-47418.exe
2844	Unicorn-35720.exe
1664	Unicorn-55586.exe
2904	Unicorn-11216.exe
2676	Unicorn-63946.exe
1944	Unicorn-63946.exe
1952	Unicorn-48165.exe
324	Unicorn-52249.exe
2144	Unicorn-43142.exe
2864	Unicorn-27360.exe
628	Unicorn-47226.exe
332	Unicorn-49037.exe
584	Unicorn-37339.exe
1388	Unicorn-33063.exe
840	Unicorn-52929.exe
1772	Unicorn-32125.exe
1420	Unicorn-45124.exe
2356	Unicorn-48653.exe
1716	Unicorn-52737.exe
1996	Unicorn-7983.exe
1548	Unicorn-15596.exe
1896	Unicorn-3899.exe
1276	Unicorn-23765.exe
2592	Unicorn-64797.exe
2800	Unicorn-44377.exe
2524	Unicorn-44377.exe
2520	Unicorn-48461.exe
788	Unicorn-29193.exe
2620	Unicorn-36763.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2404	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2404	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2404	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2404	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	28
PID 2404 wrote to memory of 1660	2404	Unicorn-48035.exe	29
PID 2404 wrote to memory of 1660	2404	Unicorn-48035.exe	29
PID 2404 wrote to memory of 1660	2404	Unicorn-48035.exe	29
PID 2404 wrote to memory of 1660	2404	Unicorn-48035.exe	29
PID 1704 wrote to memory of 1852	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 1852	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 1852	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 1852	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2712	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2712	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2712	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2712	1704	42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe	31
PID 2404 wrote to memory of 2624	2404	Unicorn-48035.exe	32
PID 2404 wrote to memory of 2624	2404	Unicorn-48035.exe	32
PID 2404 wrote to memory of 2624	2404	Unicorn-48035.exe	32
PID 2404 wrote to memory of 2624	2404	Unicorn-48035.exe	32
PID 1852 wrote to memory of 2616	1852	Unicorn-4900.exe	33
PID 1852 wrote to memory of 2616	1852	Unicorn-4900.exe	33
PID 1852 wrote to memory of 2616	1852	Unicorn-4900.exe	33
PID 1852 wrote to memory of 2616	1852	Unicorn-4900.exe	33
PID 2404 wrote to memory of 2724	2404	Unicorn-48035.exe	34
PID 2404 wrote to memory of 2724	2404	Unicorn-48035.exe	34
PID 2404 wrote to memory of 2724	2404	Unicorn-48035.exe	34
PID 2404 wrote to memory of 2724	2404	Unicorn-48035.exe	34
PID 1660 wrote to memory of 2564	1660	Unicorn-20682.exe	35
PID 1660 wrote to memory of 2564	1660	Unicorn-20682.exe	35
PID 1660 wrote to memory of 2564	1660	Unicorn-20682.exe	35
PID 1660 wrote to memory of 2564	1660	Unicorn-20682.exe	35
PID 1852 wrote to memory of 2184	1852	Unicorn-4900.exe	36
PID 1852 wrote to memory of 2184	1852	Unicorn-4900.exe	36
PID 1852 wrote to memory of 2184	1852	Unicorn-4900.exe	36
PID 1852 wrote to memory of 2184	1852	Unicorn-4900.exe	36
PID 2624 wrote to memory of 1596	2624	Unicorn-9991.exe	37
PID 2624 wrote to memory of 1596	2624	Unicorn-9991.exe	37
PID 2624 wrote to memory of 1596	2624	Unicorn-9991.exe	37
PID 2624 wrote to memory of 1596	2624	Unicorn-9991.exe	37
PID 1852 wrote to memory of 2984	1852	Unicorn-4900.exe	38
PID 1852 wrote to memory of 2984	1852	Unicorn-4900.exe	38
PID 1852 wrote to memory of 2984	1852	Unicorn-4900.exe	38
PID 1852 wrote to memory of 2984	1852	Unicorn-4900.exe	38
PID 1660 wrote to memory of 3044	1660	Unicorn-20682.exe	39
PID 1660 wrote to memory of 3044	1660	Unicorn-20682.exe	39
PID 1660 wrote to memory of 3044	1660	Unicorn-20682.exe	39
PID 1660 wrote to memory of 3044	1660	Unicorn-20682.exe	39
PID 2564 wrote to memory of 2740	2564	Unicorn-18517.exe	40
PID 2564 wrote to memory of 2740	2564	Unicorn-18517.exe	40
PID 2564 wrote to memory of 2740	2564	Unicorn-18517.exe	40
PID 2564 wrote to memory of 2740	2564	Unicorn-18517.exe	40
PID 2616 wrote to memory of 1600	2616	Unicorn-29857.exe	41
PID 2616 wrote to memory of 1600	2616	Unicorn-29857.exe	41
PID 2616 wrote to memory of 1600	2616	Unicorn-29857.exe	41
PID 2616 wrote to memory of 1600	2616	Unicorn-29857.exe	41
PID 2184 wrote to memory of 3040	2184	Unicorn-14433.exe	42
PID 2184 wrote to memory of 3040	2184	Unicorn-14433.exe	42
PID 2184 wrote to memory of 3040	2184	Unicorn-14433.exe	42
PID 2184 wrote to memory of 3040	2184	Unicorn-14433.exe	42
PID 1596 wrote to memory of 2536	1596	Unicorn-34299.exe	43
PID 1596 wrote to memory of 2536	1596	Unicorn-34299.exe	43
PID 1596 wrote to memory of 2536	1596	Unicorn-34299.exe	43
PID 1596 wrote to memory of 2536	1596	Unicorn-34299.exe	43

C:\Users\Admin\AppData\Local\Temp\42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42c927cde0418bfe7318d088236ca5b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20682.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        11⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        12⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        13⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        14⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        15⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
        15⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        14⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        13⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        12⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        11⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        11⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        12⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        13⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        14⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        14⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        13⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        11⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        10⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        12⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        13⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        14⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        14⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        12⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        10⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        9⤵
        Program crash
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        10⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        13⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        14⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 220
        14⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        12⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        11⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        12⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        13⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 236
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        10⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        9⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        8⤵
        Program crash
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        12⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        13⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        14⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        14⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        12⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        11⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        11⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        12⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        13⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        11⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        12⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        13⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
        13⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        9⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        7⤵
        Program crash
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49037.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        11⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        12⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46840.exe
        13⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        14⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        15⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
        15⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        14⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        11⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        11⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        12⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        13⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        14⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        14⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        13⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        12⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        11⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        10⤵
        Program crash
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        10⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        12⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        13⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        14⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
        13⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        12⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        10⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        9⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        11⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        13⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        14⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        14⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        13⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        11⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        12⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        13⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        13⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        12⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        11⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 220
        9⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        Program crash
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        11⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        12⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 220
        13⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        10⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        9⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        11⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        11⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        8⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        7⤵
        Program crash
        
        PID:2292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        5⤵
        Program crash
        
        PID:1560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34299.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        10⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        11⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        12⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        13⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        14⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        13⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        11⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        13⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        12⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        10⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        9⤵
        Program crash
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        8⤵
        Program crash
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        11⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        12⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        13⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 236
        12⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        11⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        12⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        13⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        13⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        9⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        8⤵
        Program crash
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        10⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        12⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        13⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        13⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        12⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        11⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        9⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
        8⤵
        Program crash
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        7⤵
        Program crash
        
        PID:112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        6⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        6⤵
        Executes dropped EXE
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        11⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        12⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        13⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        11⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        11⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
        12⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        8⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        7⤵
        Program crash
        
        PID:2896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 220
        6⤵
        Program crash
        
        PID:824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        5⤵
        Program crash
        
        PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        10⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        12⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        13⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        14⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        13⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        12⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        13⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        11⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        12⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        13⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        13⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        12⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        9⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        8⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        12⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
        8⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
        7⤵
        Program crash
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        12⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
        13⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        13⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
        12⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        11⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        12⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 236
        12⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        11⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 220
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        8⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        11⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
        12⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 220
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        10⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        7⤵
        Program crash
        
        PID:2500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        6⤵
        Program crash
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        12⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        13⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        13⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        10⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        11⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
        12⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
        11⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        7⤵
        Program crash
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        12⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        10⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        11⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        7⤵
        Program crash
        
        PID:3376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        6⤵
        Program crash
        
        PID:1692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        5⤵
        Program crash
        
        PID:2812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        11⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        12⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        13⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        12⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        9⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        12⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        13⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        13⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 220
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        10⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        11⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        8⤵
        Program crash
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        8⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        10⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
        10⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
        8⤵
        Program crash
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        7⤵
        Program crash
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        8⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17069.exe
        11⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        12⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        13⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
        11⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        12⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        10⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        11⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        12⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
        11⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        8⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        11⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        12⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        13⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        13⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        11⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
        12⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        12⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        8⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        11⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        12⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 236
        11⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        8⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        Program crash
        
        PID:3060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        6⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        11⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        12⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        13⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
        13⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 220
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
        11⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        11⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        12⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        12⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        11⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        11⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        12⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        10⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        7⤵
        Program crash
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10358.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        11⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        12⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        10⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        11⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 236
        11⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        7⤵
        Program crash
        
        PID:4060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        6⤵
        Program crash
        
        PID:1844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
        11⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 220
        12⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
        11⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        12⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        11⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        12⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        12⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        11⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        10⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        8⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 220
        7⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        7⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        11⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        12⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 240
        9⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        10⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 236
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        9⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        6⤵
        Program crash
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        11⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        12⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
        10⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        9⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        10⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        10⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        9⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        7⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:3200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        5⤵
        Program crash
        
        PID:1128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
      4⤵
      Program crash
      PID:1508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
  2⤵
  - Program crash
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe

Filesize
184KB

MD5
f477ea610c53dea2bbbb3d4ae24a03a3

SHA1
ebf94c3adced1cf33a8c9e6bc7ba295a96908af7

SHA256
dc96d967e40cfe4d88077bbee37255f80156b96dcdc5e6887caf968d9f4fde4f

SHA512
402c9f74aacfbd0893802eefcd38c1affa4e5185d59639ac809130203925dca64b9bee9e93f08b2a25f599058e3629e132d7fb228334b97d3e8729729447fa44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe

Filesize
184KB

MD5
5eee2496942ce952f322d4141b7d17f7

SHA1
782ef1994f455e45ba38589e06c94150fb8dd784

SHA256
21cd8bc57cd27c3335c6fe33a15d35440b5967e44be6996f890a19430eed8181

SHA512
3887bea0eadbdcd79f77a2339bd95995031366ea4037c5e98c76bbc2d8715e2c73c1aa547f6373d57e61c2e8bc3169ffb55b4aa100d915818b144eb26a56b0bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe

Filesize
184KB

MD5
72419aa1772442f5f9c415521226c5c8

SHA1
081a4eacb445627797975521726dcfd2027f5e34

SHA256
ae7f16932d89ad7f5e400baf2fb40a828d0f648f230471165db4ae997b22f771

SHA512
622d0d09fa9c3360ebfcea40303aa15a138dd7c0066cd599ab63343fab5e68b9e9dc43a2646cd1a1a37cca7f19c550faf5718e971f82cbe7b584e30449c62ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe

Filesize
184KB

MD5
6651a0b3eb745a232e235c038fd559ca

SHA1
c264e0c8ec70ee8d5f16e75f42e37a8783e955fb

SHA256
470d974ea7594ee3c9b6f004576e8457feff91b0a6a4166dd76eae74f31d664f

SHA512
2aa59916a34ee98aee95e1bc722e6881595e9cb149bda25a5490f2cfd198722066683723665c809f8c16eee746aa766cbc8459085b4e5abb84607e33eaba3858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe

Filesize
184KB

MD5
5ffa4be92575c31b2a03adc5a88f00c6

SHA1
4a93f46d0060880d7c1b45f585b3cb7b68b8f308

SHA256
56607fb37911240dbdd272ee45b6c368f41d97fd2c96386fdfe9e64ed01721a3

SHA512
f57a1f2e3c17a68615dc29d48f32be7da11bc4123881c3b87e91c025cce246e4975a442ffe40477a3b3aa73e98f592f7cf0e99d49a43c984decd4e5b626de8d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe

Filesize
184KB

MD5
d5dd873a061e8ff9054202a812d6a70b

SHA1
065ef3f8b884fc4b1d7013d790ae9d241a5d77d5

SHA256
98aa6a0610c402c766da8b959952c37622319275cde8ddf676d38a14fcaf1ae2

SHA512
799d16b151b47135ec0ed500c18ee91b999563c8b72ccf6a2ecc83f1e44b24affdda55adbd2630f47a550f9e80343d3a97cdb9f71877cee05f06a1c952f62bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe

Filesize
184KB

MD5
06dfdf2fba57fc81c3418affc1efe0dc

SHA1
6a4d339877c49fb35738484cc9c92414fd25e578

SHA256
a0436e074205e05ae3143a9a90f9e24e4f81fb41074c8c7a0272708e5a911a2e

SHA512
c39451d2b5367047c1042616772cb365eaedf959e0a5b0c5fd3cbdc1671d07013976dc2a099570905e978426f3892b1c1be110d7f57ecdea558159014eca3902

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe

Filesize
184KB

MD5
2227b17b67fc196a87b75687ac508039

SHA1
ff418f9346ded22ee19e403c65af486fc1d8e31b

SHA256
d81b7a14c35bfdb63807a6e08feb0f0955ecc882484d6ef33c5dbe8922e66e89

SHA512
6309ea5fba0ba68c090bb31eaa9159a0e4244a7d742f7b4738957d8b8f08f93cc49a099d643f7c7d878f30caadcf5e53c5459e8865d0b926c5c22096a4eaa1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe

Filesize
184KB

MD5
4b65cdeecfeb0c25234a8b6a7e75910c

SHA1
60d3814cb7120b62ee90248dce22961efde03c22

SHA256
153ec548ade118dc3bb23f06a81933f8dcb8925a4c7837e4ba71d3303820ac08

SHA512
95b8670e06f1d6a8d92a5bcf374d5bef05a684eba7050e71043b5904f6cc086fe97827524ad93b89d2379f3112693d5487a49ae01dbfdf7e8d0c6a86ac19290f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe

Filesize
184KB

MD5
0208e52c951944d0d6a5232427fc26bf

SHA1
3cc3072898f8c368a3bd5ee7fed0be486c28a66b

SHA256
b5a976aca110e215d7e07db5d3aa11f3351a40425501dc5022e3d631b89582f9

SHA512
45d5ccd0d756f235e75a478f27a519cfbfc5bcd5b7860c43fb97ee2fe8c47c9eb6f5077ae7b62cf4faa49906f2d64d2800e510a38014ef0c04abcee5aaf06338

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe

Filesize
184KB

MD5
fe522b9223fd1c3245072b23ee81c61f

SHA1
1f5147907d69490f6d616ca58c73e36e7d7eed88

SHA256
b04131894b61253a28717831493547cf4f1242d0ff4e9bf1e091b30eb73f0b96

SHA512
5c41994baded41a7cc204707c9d1e0a3621298be71e79bb7262e1f17c373918274c6a566155faefa04e4283696015ac8192745af62781163a3c93377305f364e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe

Filesize
184KB

MD5
40d7cc323a0c3c086d5ea22a109ce1b3

SHA1
788d3c75bdb012dcb9ebc54bab31652864546b01

SHA256
cebbeceee38853f74134d250f230502421cec428b62a92a91c4c128bdd64ef41

SHA512
067d256140cd159ad291dc080cb1b10aac1d9caed42e9edc1a46acc4626de69d27327132bfb9cbb287dae6e35a640c01091fc8eaa03bf6b41701c394b2842d47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe

Filesize
184KB

MD5
871cf28b171671954b5d29fe9da46ba9

SHA1
da6705abc89c29cdf60826d6c825e2c213bee7d0

SHA256
083ec230934206798866c75135725f77d1c62fd94a930d3c28506d0e08864b42

SHA512
19436bd7417d00c7614bb87ae4ff0dbad691ae8ae5263082c296b0f2995680ac79b4d1a92782113cdd0ef0280679358f85fc5b1d123a584284c75418e0b4c4d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20682.exe

Filesize
184KB

MD5
29ea18a4e611f15ce92796d5b5ebd329

SHA1
df0e5ba40b4f0a7141b502f41ce5318d4bc44483

SHA256
5cca644d817d7b42ad2660081034ada884e2002e752ef584edb1c3993edecee1

SHA512
69f97947498291810c06d6712719fa86deb26d7310e69408508a135271fcf42fe2281ce320c736f6a7fef13617e9dddf576b497bb5605f68322e6cda80e7c607

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe

Filesize
184KB

MD5
cb5416f3e0b588def086e3ea10a36416

SHA1
0ebf6a9190d88273a716edcbb420f4915fd6a060

SHA256
a5b7119d124dcb512a362109ddc00674d3a670f78f4d47b6c95b5ee9c516a845

SHA512
751bdbb9aa27cbbd7afc2c2730d766b148ca5951ea14bc5af6a5b5d731e45921201e4e2665131eb05d5280b2996870e8d22c2663143da60ff6d612c49f7f89ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34299.exe

Filesize
184KB

MD5
69abcbe82dc351aa4c863da2b8a5df40

SHA1
f1d7b7ceb6d40484686b3cfc0814191210af3c04

SHA256
974529084ea0e6e7adf24e5b11dbf6bcc890e375155d40724e954156c02516e9

SHA512
597d8a8f33fcb90f84eeafa25cebb40ea09ca1f5eb301a1a78296d2a951953fdea3db676375cac9f7224601e8a711c76a9b93ffdf2e522084bb28a038801d6d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe

Filesize
184KB

MD5
48b256a2e453eb906621e65be7f3c05d

SHA1
81fe3b1c7f8c0a05e9c9e069800d9c34f61bc451

SHA256
b7ec8cb6139a3f618c2f6523d214f7cfb37811344384920a8ec8606e06e5ab2e

SHA512
d983c4c5020fb7fd6e7f828b58e588c7a571bf3923cf35b2134529b612d6ccf9b70a23ddf960e56b8f53794e23355322ba2159588bd0be02c65030ed868a1860

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe

Filesize
184KB

MD5
89c166070b899b765f0f8f73a6746015

SHA1
172bdc48db913d0ba55a89d8a15e40e0a95474f9

SHA256
7a808810dc35a2173626d17da8732fcdd3e265d26dcd252216d947a9afb82d63

SHA512
ca15e708b54091cd1d843956ec335c78698ed2e64ab772d0101cdbdfa977f386c2c033065837b8133a2e757e9434cd1a1b6ca0ece9a3b364cc75875889a98b05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe

Filesize
184KB

MD5
3151b2ee9760b674a25c9185ea41827d

SHA1
b4103b31974885b3cb1370f9c726e0412e39cc6d

SHA256
8b50409ab8c4b9bc5f789626cea59bb5be821746a84c3b75c2358019855a30b0

SHA512
a7081fac118fecbaca92c3cebd77d67057040a2470357b0fe06f6d003a8382ab4014fc3f81045df3e6ca43428a5526386be6859dfee8ae11fcc074a199a78369

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe

Filesize
184KB

MD5
13e35ebc0458c9073a0dc75ea207c657

SHA1
041fed57b27b6580a0b1f6de38526544117ee51a

SHA256
a26525210561e8806c47c340157f89806f9d4f9ccc46306b74dca2013b43c4be

SHA512
4c645a839ac093cdcbb5faf4a6a618804417d31b2344887f04052665457c4eed6ccb0e37f4760fb4c4d6d9091e1ad50abfd85867ec96253ade865822ca7885a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe

Filesize
184KB

MD5
207e45367d0523811130b7ba572d30a5

SHA1
7ba9dbe16ac013e20ab03309aeecb361f277f129

SHA256
7b236f45d64c8c77aeaadf59779796ae034737e9281502f1674bfebbb9b3d041

SHA512
0d725f0f797178ee78ffc9d5459a3aca1152f56614d7af2a86ca21c5fa2231daf8b0806991c46bff61598a9a0c79598beee5c41148e91c07c7d93b528c667c3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads